New research from Monash University presents the most effective approach to accurately predict vulnerabilities in software code and strengthen cyber security.
Software vulnerabilities are prevalent across all systems built from source code, and can cause a variety of problems including deadlock, hacking or even system failures.
To help combat this, Faculty of Information Technology experts developed the “LineVul” approach, and found it increased accuracy in predicting software vulnerabilities by more than 300 per cent while spending only half the usual amount of time and effort, when compared to current best-in-class prediction tools.
LineVul is also able to guard against the top 25 most dangerous and common weaknesses in source code and can be applied broadly to strengthen cyber security across any application built from source code.
According to research co-author Dr Chakkrit Tantithamthavorn, from the Faculty of Information Technology (IT), standard software programs contain millions to billions of lines of code, and it often takes a significant amount of time to identify and rectify vulnerabilities.
“Current state-of-the-art machine learning-based vulnerability prediction tools are still inaccurate and are only able to identify general areas of weakness in the source codes.
“With the proposed LineVul approach, we are not only able to predict the most critical areas of vulnerability but also are able to specifically identify the location of vulnerabilities down to the exact line of code,” Dr Tantithamthavorn said.
Research co-author PhD candidate Michael Fu added that the LineVul approach was tested against large-scale, real-world datasets with more than 188,000 lines of software code.
“Software developers normally spend a substantial amount of time trying to identify vulnerabilities in code either during the development process or after the program has been implemented.
“The existence of vulnerabilities, especially after the implementation of the program, can potentially expose software systems to dangerous cyber attacks.
“The LineVul approach can be broadly applied across any software system to strengthen applications against cyber attacks and can be a significant tool for developers especially in safety-critical areas like software used by the Australian government, defence, finance sectors etc,” Fu said.
Future research building on the LineVul approach includes the development of new methods to automatically suggest corrections for vulnerabilities in software code.
This research was supported by the Australian Research Council’s Discovery Early Career Researcher Award 2020-22.